
Rewterz Threat Alert – Turla APT Group Targeting European Union

Severity

Medium

Analysis Summary

The APT group Turla, also tracked by researchers as Krypton, MAKERSMARK, Snake, Uroburos, Venomous Bear, Waterbug and WhiteBear, is primarily known for its espionage activities. The group has resurfaced with a previously undocumented backdoor and document stealer, dubbed Crutch, used against a specific Ministry of Foreign Affairs in a European Union country. Turla has compromised many governments around the world, diplomatic entities in particular, and operates a large malware arsenal. The malware's main purposes are reconnaissance, lateral movement and espionage.

[Figure 3. Architecture of Crutch v3]

Impact

  • Information theft
  • Data exposure
  • Exposure of sensitive documents

Indicators of Compromise

MD5

  • 8e2ce1bc84ad3edd3c38037c982b509a

SHA-256

  • 0010ccb822538d1881c61be874af49382c44b6c9cb665081cf0f672cbed5b6a5

SHA1

  • A010D5449D29A1916827FDB443E3C84C405CB2A5
  • 2FABCF0FCE7F733F45E73B432F413E564B92D651
  • A4AFF23B9A58B598524A71F09AA67994083A9C83
  • 778AA3A58F5C76E537B5FE287912CC53469A6078

Remediation

  • Block all threat indicators at your respective controls.
  • Search for IOCs in your environment.